Applicant : Norman Margolus et al. Attorney's Docket No.: 11656-004002 

Serial No. : 10/752,834 

Filed : January 7, 2004 

Page : 2 of 10 



Amendments to the Claims:

This listing of claims replaces all prior versions and listings of claims in the application: 



Listing of Claims:

1-61. (Canceled) 

62. (Currently Amended) A method by which a disk-based distributed data storage 
system attached to a network is organized for protecting historical records of stored data entities, 
the method comprising: 

recording distinct states of stored data entities, corresponding to different moments of 
time, as a plurality of entity versions coexisting within the distributed data storage system; 

storing copies portions of an entity version that is one of the plurality of entity versions at
each of a plurality of storage sites of the distributed data storage system, in response to a request
by a program that is a client of the distributed data storage system to deposit the entity version;

sharing among the plurality of storage sites a set of rules that restrict deletion of the entity
version, the sharing comprising:

communicating the set of rules over the network to the plurality of storage sites; and

storing information derived from the shared set of rules at each of the plurality of
storage sites; and

applying the shared set of rules independently at each of the plurality of storage sites, in 
response to a request by the client program, in order to separately determine whether or not the 
copies portion of the entity version at each site can be deleted; 

wherein if it is determined that the copies of the entity version cannot be deleted then 
they also cannot be modified;

wherein each of the portions represents at least part of the contents of the entity version,
and not all of the portions are needed to reconstruct the entire contents of the entity version; 

wherein a failure event occurs that causes a one of the plurality of storage sites to delete 
its portion of the entity version in violation of the shared set of rules, and the entity version is 
subsequently retrieved successfully in response to a retrieval request sent by the client program 
to the distributed data storage system; 

wherein a the client program communicates with the disk-based distributed data
storage system only over the network deposits the entity version into the storage system;

wherein a first request sent by the client program communicating with the disk-based
distributed data storage system causes the shared set of rules to restrict deletion of the entity
version at each of the plurality of storage sites;

wherein a second request, sent by the client program after the first request, would enable 
the entity version to be deleted from all of the plurality of storage sites in violation of the 
restriction caused by the first, and the second request is denied; 

wherein no request sent by the client program over the network can enable deletion of the 
entity version to occur in violation of the restriction caused by the first request; 

wherein the sharing step comprises storing at each of the plurality of storage sites
information derived from the set of rules;

wherein both the independent application of the shared set of rules at each of the plurality
of storage sites and the manner in which information that determines the rules is communicated
between storage sites are designed to prevent alterations or corruptions of the operation at a one
of the plurality of storage sites from allowing the entity version to be deleted or modified at
another of the plurality of storage sites in violation of the restriction on the deletion of the entity

wherein the plurality of storage sites communicate with one another over the network in 
order to achieve fault tolerance against the loss of storage sites; 

wherein the shared set of rules restrict deletion, based at least in part upon a time that was 
associated with the entity version in response to a request by an act of the client program; and

wherein a third request, sent by the client program after the second request, causes the
copies portions of the entity version to be deleted from stored at the plurality of storage sites to
be deleted.

63. (Canceled) 

64. (Currently Amended) The method of claim 62 in which the time associated with the 
entity version is an expiration time assigned to the entity version, and the assignment is made 
independently within each of the plurality of storage sites, according to the shared set of rules, 
before which time both modification and deletion are prohibited.

65. (Original) The method of claim 62 in which no single individual is given the 
authority to override the deletion prohibition at all of the plurality of storage sites. 

66. (Currently Amended) The method of claim 62 in which applying the set of rules at a 
one of the plurality of storage sites determines that an entity version can be deleted and a copy 
portion of the entity version is deleted immediately and storage space that was used to store the 
copy portion becomes available to store new data.

67. (Previously Presented) The method of claim 62 in which applying the set of rules 
determines that an entity version can be deleted but the entity version is not deleted until deletion 
is requested by a client of the disk-based distributed data storage system. 

68-166. (Canceled) 

167. (Previously Presented) The method of claim 62 in which, during a time interval, the 
shared set of rules prohibits deletion of the entity version while others of the plurality of entity 
versions are allowed to be deleted.

168. (Previously Presented) The method of claim 167 in which the time interval is at
least a year in length. 

169. (Canceled) 

170. (Previously Presented) The method of claim 167 in which the client program causes 
the time interval during which deletion is prohibited to be extended and no subsequent action 
taken by the client program can cause the time interval to be shortened. 

171. (Previously Presented) The method of claim 167 in which the client program causes 
the length of the time interval to be set and no subsequent action taken by the client program can 
shorten the time interval. 

172. (Previously Presented) The method of claim 171 in which the length of the time 
interval is initially not set and, before the length of the time interval is set, no action taken by the 
client program can cause the entity version to be deleted.

173. (Previously Presented) The method of claim 167 in which no action taken by any 
client program that only communicates with the disk-based distributed data storage system over 
the network can cause the time interval to be shortened. 

174. (Previously Presented) The method of claim 62 in which the plurality of entity 
versions record historical states of a single stored data entity, with each of the plurality of entity 
versions associated with a historical time interval during which the recorded historical state was 
the state of the single stored data entity. 

175. (Previously Presented) The method of claim 174 in which the shared set of rules 
that determine whether or not the entity version can be deleted depend at least in part on the 
length of the historical time interval associated with the entity version.

176. (Previously Presented) The method of claim 174 in which the shared set of rules
that determine whether or not the entity version can be deleted depend at least in part on whether 
or not the historical time interval associated with the entity version includes a specified moment 
of time. 

177. (Previously Presented) The method of claim 62 in which a stored data entity is a file 
in a file system or a record in a database or an object in an object storage system. 

178. (Previously Presented) The method of claim 62 in which two of the plurality of 
storage sites are located in different cities. 

179. (Currently Amended) The method of claim 62 in which the set of rules comprise
are represented in a rule description data structure that is separate and distinct from the software
that implements the disk-based distributed data storage system, and sharing occurs at the time
when the plurality of entity versions are being stored in the storage system, and the information
derived from the set of rules that is stored at each of the plurality of storage sites comprises a
hash of the contents of the rule description data structure.

180. (Previously Presented) The method of claim 62 in which the entity version is a 
version of a stored data entity and the first request causes a new version of the stored data entity 
to be stored. 

181. (Previously Presented) The method of claim 62 in which the first request assigns an 
expiration time to the entity version, before which time deletion is prohibited. 

182. (Previously Presented) The method of claim 62 in which the second or third 
request attempts to delete the entity version or to change the time associated with the entity 
version.

183. (Previously Presented) The method of claim 62 in which the entity version is a
version of a stored data entity and the third request causes a new version of the stored data entity 
to be stored. 

184. (Previously Presented) The method of claim 62 in which the time associated with 
the entity version is a time when the entity version was created, transmitted or stored; or had 
some property changed; or a time assigned to the entity version. 

185. (Previously Presented) The method of claim 62 in which the shared set of rules are 
communicated to the plurality of storage sites at the time that the client program communicating 
with the disk-based distributed data storage system deposits the entity version into the storage 
system. 

186. (Previously Presented) The method of claim 62 in which care is taken to ensure 
that operators and administrators of the disk-based distributed data storage system have no 
special privileges or physical access that would allow them to circumvent or change the shared 
set of rules at all of the plurality of storage sites. 

187. (New) The method of claim 62 in which both the independent application of the 
shared set of rules at each of the plurality of storage sites and the manner in which information 
that determines the rules is communicated between storage sites are designed to prevent 
alterations or corruptions of the operation at a one of the plurality of storage sites from allowing 
the entity version to be deleted or modified at another of the plurality of storage sites in violation 
of the restriction on the deletion of the entity version. 

188. (New) The method of claim 62 in which the plurality of storage sites communicate 
with one another over the network in order to achieve fault tolerance against the loss of storage 
sites.

189. (New) The method of claim 62 in which the shared set of rules do not, without
additional information, determine a moment of time after which deletion is allowed. 

190. (New) The method of claim 62 in which the shared set of rules together with a 
specification of a starting time do not, without additional information, determine a moment of 
time after which deletion is allowed. 

191. (New) The method of claim 62 in which the sharing step further comprises: 
determining the set of rules to share from a request by the client program. 



